PKCS#7

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

PKCS#7

milivoj.fradelic

Hi!

I need to convert PKCS#7 attached signatures to PKCS#7 detached signatures.

Is it possibly? Is there any example?

Thanks anyway!
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#7

Bernhard Fröhlich-2
[hidden email] wrote:

>
> Hi!
>
> I need to convert PKCS#7 attached signatures to PKCS#7 detached
> signatures.
>
> Is it possibly? Is there any example?
>
> Thanks anyway!

Since noone else answered I'll thay the little I believe to know about
the subject... ;)

I don't think doing this is possible using the openssl utilitoies, but
it might be done using the ASN1 APIs. Maybe you should have a look at
the asn1parse utility (apps/asn1pars.c) as a staring point.

And tell me if you find out more.
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26


smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#7

Rabellino Sergio
Bernhard Froehlich wrote:

> [hidden email] wrote:
>
>>
>> Hi!
>>
>> I need to convert PKCS#7 attached signatures to PKCS#7 detached
>> signatures.
>>
>> Is it possibly? Is there any example?
>>
>> Thanks anyway!
>
>
> Since noone else answered I'll thay the little I believe to know about
> the subject... ;)
>
> I don't think doing this is possible using the openssl utilitoies, but
> it might be done using the ASN1 APIs. Maybe you should have a look at
> the asn1parse utility (apps/asn1pars.c) as a staring point.
>
> And tell me if you find out more.
> Ted
> ;)
>
You can give a chance to openssl, viewing around the smime option.
You must convert your pkcs#7 back to smime, then take a look at the
-nodetach implementation in the smime, maybe you can find the exact way
to do the detach
conversion.

Hope this helps.

--
Dott. Mag. Sergio Rabellino

 Technical Staff
 Department of Computer Science
 University of Torino (Italy)

http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#7

Dr. Stephen Henson
In reply to this post by Bernhard Fröhlich-2
On Tue, Jan 17, 2006, Bernhard Froehlich wrote:

> [hidden email] wrote:
>
> >
> >Hi!
> >
> >I need to convert PKCS#7 attached signatures to PKCS#7 detached
> >signatures.
> >
> >Is it possibly? Is there any example?
> >
> >Thanks anyway!
>
> I don't think doing this is possible using the openssl utilitoies, but
> it might be done using the ASN1 APIs. Maybe you should have a look at
> the asn1parse utility (apps/asn1pars.c) as a staring point.
>
>

It is possible with some caveats.

Basically you have to poke around the PKCS7 structure, get get hold of the
content ASN1_OCTET_STRING struture, create a BIO out of it and then zero out
the field so the PKCS7 structure no longer includes the content.

The caveats are that the format of the included content may not be appropriate
for the detached content for (MIME multipart/signed format). In particular
that MIME type requires valid MIME headers and canonical format for the
first (to be signed) part. If the embedded content isn't of that form it can't
be translated without breaking the signature.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]